Academy of BFSI,

Compliance Culture on the wane in Banks?

Compliance Culture on the wane in Banks

1.0 Context Setting

Trade and commerce operate for profits. Their own business Dharma and compliance to a few statutory requirements keep them going. Banks are also in Business but they deal with money, that too of public. Trust from its constituents is the main factor to keep them going. Trust takes a long time to build but can crash quickly in adverse situations. Recent examples are Yes Bank and PMC Bank and CKP Co-op Bank.

Hence additional ring-fencing is required and therefore, regulations kick in. As you know, regulations are more stringent than statutes and violations of the same involve ‘name and shame’ too amidst heavy fines and no appeal.

Hence, ‘Compliance’ in the banking context assumes huge importance as it impacts the reputation and economic growth of a country. We will discuss the present state of affairs of the compliance culture in Banks in India and remedial steps in this article.

2.0 What is Compliance?

The Basel Committee on Banking Supervision (BCBS) paper defines Compliance risk as “the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organization standards, and codes of conduct applicable to its banking activities”.

2.1 What are the risks involved in Non-compliance?

Being a financial institution risks are wide and varied and sensitive if violations happen Conventional matrix of risks involved are depicted in the diagram below.

2.1.1 Risk in Digital Banking Scenario

Now Digital Banking is happening in a big way and has added a new set of risks as below

Compliance Culture has become more important in the era of digital banking as in technology-driven banking,  a lot of potential danger has become active such as:

1) Confidentiality breach (Confidential data being stolen)

2) Availability breach (Systems are intact, but services are unavailable), and

3) Integrity breach (corruption of data or systems affecting the integrity of information and processing methods)

4) New challenges after the arrival of Cryptocurrency, quantum computing and open banking.

In the field of digital banking, resolving all such errors and challenges at the primary level is the part of the compliance culture

2.2 Conventional Risk Matrix

  • Business/Strategic risk
  • Compliance risk
  • Credit risk
  • Cybersecurity Risk
  • Liquidity risk
  • Market risk
  • Moral hazard
  • Open Banking Risk
  • Operational risk
  • Reputational risk
  • Systemic risk

2.3   All Pervasive Factor

Compliance encompasses all activities of the Bank like:

  • Products
  • Process
  • Policies
  • Services
  • Customers
  • Operations
  • Channels
  • Estate matters
  • Infrastructure and
  • Cross border Banking

In fact, every activity of the Bank is having a SOP either internally made and /or externally monitored.

2.4 Architecture of Compliance set up

Broadly, we can classify them into seven silos:

  1. a) Regulatory Bodies
  2. b) Statutory Bodies
  3. c) Other Agencies/ Apex Bodies
  4. d) Internal rules
  5. e) Public
  6. f) Business Ethics
  7. g) Cultural/Moral mosaic

2.4.1 Regulatory Bodies and their Powers

We present below the Seven Super monitors/controllers of the Banks:

  • Reserve Bank of India (RBI)
  • Insurance Regulatory &Development Authority of India (IRDAI)
  • Securities Exchange Board of India (SEBI)
  • Provident Fund Regulatory &Development Authority of India (PFRDA)
  • Fixed Income Money Market & Derivatives Association of India (FIMMDA)
  • Insolvency & Bankruptcy Board of India (IBBI)
  • Ministry of Finance, Government of India (MOF)

2.4.2 What is Regulation?

Regulations are superior to statutes in the following ways:

  • Vested with licensing powers and can cancel/suspend the business activities.
  • The Circulars have legal effect.
  • Have the power to Audit, Inspect and seek data
  • Appoint/remove CMD/MD/CEO/ED/DMD/OSD and Nominee Director in PSU Banks (MOF/RBI)
  • Call for ongoing control reports of Business
  • Can suo moto initiate action
  • Levy fines/penalties
  • All Policy Directions flow from them and Business Decisions are monitored with Checks and Balances

One can dwell at length on the monitoring and controlling role of all the regulators but a broad sweep of RBI’s regulatory role is central to Banks’ compliance portfolio. We will look at the areas of supervision by RBI.

2.4.3 Role of RBI as a regulator  

Main Areas of Regulation are:

  • Licensing &Network expansion
  • Financial Supervision
  • Payment &Settlement system
  • Foreign exchange
  • Policy rates/Reserve Ratios
  • Cross Border Banking
  • Prudential norms
  • Assets classification
  • KYC Policy Implementation
  • Data Dissemination
  • Corporate Governance

Thus, all areas of Banking activities come under the constant scrutiny of RBI.

2.4.4 Statutory Compliance

As a legal entity Banks are also subject to the provisions of various laws of the land. A list of laws of the land the Banks will have to reckon with is furnished below:

RBI Act, 1934 BR Act, 1949 FEMA 1999
Income Tax Act, 1961 PMLA 2002 Shops Establishment Act (State)
Companies Act, 2015 DICGC Act, 1961 Indian Partnership Act, 1932
MSMED Act, 2006 Bankers  Book Evidence Act, 1981 The Essential Services Maintenance Act, 1968
Right To Information Act, 2005 COPRA 1986 Criminal Procedure Code 1973
Civil procedure Code 1908  Majority Act 1875 Personal laws
Indian Stamp Act, 1899 Indian Contract Act, 1872 FATCA 2010
Credit Information Company Act, 2005 (CIBIL) Information Technology Act, 2000 NI Act, 2015 (Amended)
Sale of Goods Act, 1930 Insurance Act, 1938 Payment of Bonus Act, 1965
Competition Act, 2002 Limited liability Act, 2008 Payment of Gratuity Act, 1972
Industrial Disputes Act, 1946 General Law GST Act, 2017
Payment&Settlement Act, 2015 Standards&Weight Measurement Act, 1956 Insolvency& Bankruptcy Code 2016
Indian Trusts Act, 1982 Powers of Attorney Act, 1882 SOX Act, 2002
Employees Provident Fund Act, 1952

 

 

Trade Union Act, 1926 Transfer of Property Act, 1882

All these laws impinge on the functioning of the Banks on a day-to-day basis.

2.4.5 Compliance to Other Agencies /Apex bodies

Besides the above, there are a number of Apex bodies created by statute. Banks need to abide by their guidelines to get assistance/finance/avail their services.

 

Refinance Agencies Advisory/Audit agencies Credit Agencies Payment Agencies Recovery Agencies 
NHB BCSBI CGTMSE OLTAS(Online Tax Accounting System) DRT
MUDRA ICC(Incoterms2020) DICGC SWIFT DRAT
SIDBI Ombudsman SERSAI NACH NCLT
EXIM Bank AMFI CIBIL CCIL NCLAT
NABARD  UIDAI CRILIC    
  ISO Foreign Trade Policy 2015-20    
  FEDAI      
  CKYCR      
  IBA      

2.4.5 Internal rules

All of us are aware of the role these agencies play to ensure Banks fall into Compliance mode to seek their assistance /help.

All banks have evolved Standard Operating Procedure (SOP) besides audit /Inspection procedures for all the activities in the Bank.

They are in the form of Instruction Manuals, Circulars, Memos, Code of Conduct rules, newsletters, job cards and in house magazines.

2.4.6 Public at large  

Public, especially the customers, are also made aware of these rules and mutual obligations through various methods as under:

  • Brochures
  • Pamphlets
  • Through rules of business printed in the chequebook and Passbook flaps
  • Press releases
  • Code of Bank’s commitments to customers Book displayed in the banking hall
  • Mandatory Notices as per RBI directives displayed in the banking hall
  • Information boards regarding customer grievances mechanism
  • In Account opening forms in the form as terms and conditions
  • In all legal Documents like deeds, agreements
  • Through emails/mails and other digital modes of Communication
  • Other publications/materials
  • TAT norms

There are two implications in involving the public.

  1. Banks put themselves under scrutiny with the public for compliance.
  2. The public at large become watchdogs for the good governance of the Bank at grass root levels.

2.4.7 Business Ethics

All Banks bind themselves to a set of principles and document the same in various ways to make the staff aware of the compliance culture. Some of them are listed here:

  • Mission and vision statement
  • Corporate loan policy
  • Logos and tagline
  • Customer-first approach policy document
  • CSR activities

All these give a sense of direction and purpose to the staff to be in compliance mode all the times.

2.4.8 Moral/Ethics Mosaic

Compliance has the underpinnings of the moral, ethical principles espoused by the top management of the banks. Policies they evolve show the moral compass of the bank to the staff, and helps proper culture sets in.

Some examples will illustrate the point

  • Some of the banks shun opening of branches in rural places thus depriving the population of benefits of financial Inclusion. They value profit more than meeting social objectives.
  • There are Banks in India, who
    • want to distribute profits more to shareholders than add to reserve
    • go slow on CAPEX including for Technology
    • understate NPAs and under provide on prudential norms
    • promote tainted/Non-performing staff
    • go for corporate loans more than for retail business
    • give ESOP to staff and some do not
    • will not tolerate acts of the dishonesty of the staff

These kinds of actions set the compliance climate of the bank  

Stark examples of dishonesty from the top emerged recently in the case of Yes Bank and PMC Bank. In one case, the promoter pledged his shares and thereby withdrew his stake. Further made money when the stock price was high by selling his shares in the open market when he knew the Bank would land in distress. In other cases, money was allowed to be swindled by HDIL promoter by creating 21049 fake accounts to hide his 44 bad loans.

3.0 Causative factors that lead to compliance slippages

There are many contributory factors for poor standards on compliance apart from lack of Integrity as illustrated above. We will endeavour to identify some elements below

  • Poor/outdated systems and Procedures
  • Aggressive growth style
  • Low sensitivity amongst staff
  • Suppressing incident reporting
  • Poor Audit system and poor choice of Audit personnel
  • Ineffective technology
  • Poor accountability culture
  • Frauds perpetrated from internal and external sources
  • Poor communication flow from top to line staff

3.1 Fraud as the main element in Compliance slippage

An analysis of frauds that happened in 2015-20 indicated the vulnerable areas. They are listed below:

  • Money Laundering
  • Black money sent abroad
  • Debit/Credit Card frauds
  • Fake Demat accounts
  • Benami accounts
  • Forged Stamp papers
  • KYC Violations
  • KYC frauds
  • KYC Updating
  • Cybercrimes
  • Identity Theft

In the past 2 years, many banks have incurred heavy losses due to frauds inflicted on them. The following examples are fresh in our minds:

Bank Loss due to Fraud(Rs in crores)
PMC Bank, Pune (HDIL) 4,350
Yes Bank 18,564
PNB (Nirav Modi) 13,700
CKP Coop Bank, Mumbai 500
Guru Raghavendra Sahakara Bank, Bangalore 350
  • It will be shocking to know that in the past 5 years, Urban co-op banks reported about 1000 cases worth more than Rs 220 crores
  • During April-September 2019 frauds in PSBs involved Rs 95,760 crores
  • In FY 2018-19 it was Rs 71,500 crores involving 6,800 cases
  • In Rotomac Pen case, 7 banks have lost Rs 3,695 crores in fraud
  • In the Kanishka Gold Private Limited case, 14 Banks have lost Rs 824 crores

In all the above complicity and greed from inside the Bank helped the fraudsters.

3.2 Tech frauds

This is a new phenomenon where the fraudster operates anonymously and from outside.

Timely detection is a challenge and recovery possibility are nil. Analysis has revealed the top 3 technology-related frauds happen through:

  • I-Net
  • ATM
  • E-Banking
  • Identity fraud

3.3 KYC violations detected by RBI

KYC violations are regularly happening in Banks as per press reports of RBI levying fine on errant banks.

In a period of 7 months alone in January to July 2019, RBI detected 70 cases of violations and collected a fine of Rs122.9 crores.

Practically all Banks in India figure in KYC violations.

Laxity in due diligence of KYC procedures, pave way for frauds later and money laundering.

3.4 What are the hindering factors for good compliance?

We have seen from the foregoing that Banks have to cater to a huge number of regulatory operators/statutory authorities who often lack a coordinated approach. They operate in silos and no effective /corrective guidance is obtained. This has to be thought over.

Similarly, separate departments in the Bank use different and disparate data sets and varying processes for risk reporting and risk assessment. So, convergence is lacking.

Banks operate various digital channels like websites, social media, mobile apps, search engines and more but lack tech capabilities to track all of them at one point to identify policy violations and risk events. The single testing platform is to be built to overcome the deficiency.

Radical changes need to be done in the Information Technology Act to facilitate a better compliance regime. Such changes need to synchronized with other laws too.

I will quote a simple example. Presently, only a sub-inspector can arrest a cyber-fraud criminal. The window to arrest him is itself small as he is often not in the scene of the crime and a sub-inspector chasing him is impracticable.

3.5 Way Forward

  • Seminal changes are to be made for the integration of the compliance architecture internally and at external agencies.
  • Though a General Manager is posted as the pointsman, he is not equipped to handle issues relating to cybercrimes. Good training is to be put in place and a tech-savvy team allotted to him.
  • One-third of total weightage is to be allocated to compliance portfolio in all promotion process for all cadres in the Banks.
  • Young and tech-savvy managers are to be chosen to do internal audit/inspection. Presently, it is meant for pre-retirement/punishment posting in many banks.
  • Regulators should walk the extra mile beyond levying fines and applying moratorium by taking quick preventive steps.

4.0 End note

The present state of poor compliance culture has manifested in huge NPAs and galloping cybercrimes in Banks today. Banks are the engines of economic growth for our country and they need to be in robust health. India is poised to build big banks to take on international competition. Hence, good compliance should be an important and urgent priority.

About the Author

Venkata Raman

Venkataraman is a senior professor at Manipal Global Academy of BFSI. He is a multi-talented person – a banker, an advocate, faculty in many educational institutions. He retired as an executive from Canara Bank after serving the bank in various managerial capacities for 34 years.

Prof. Venkataraman holds an MBA in HR, and LLM besides many certification and membership in Karnataka Bar Association. He is a faculty in ICAI, Bengaluru, conducts online classes for business administration students of Sikkim Manipal University and he is a viva panel member in four universities. He also works as an IPR consultant. Since 2011, Venkataraman working with Manipal.

0no comment

writer

The author didnt add any Information to his profile yet

Leave a Reply